From c56b011f0cc9310be8b1ea92080af649b1d41353 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts@users.noreply.github.com>
Date: Sat, 20 Dec 2025 11:28:37 +0000
Subject: [PATCH] zipkin/3.5.1-r9: fix GHSA-vc5p-v9hr-52mj
 <!--ci-cve-scan:must-fix: GHSA-vc5p-v9hr-52mj-->

---
 zipkin.yaml              | 2 +-
 zipkin/pombump-deps.yaml | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/zipkin.yaml b/zipkin.yaml
index 5b7f19664dd..74b1848e31e 100644
--- a/zipkin.yaml
+++ b/zipkin.yaml
@@ -1,7 +1,7 @@
 package:
   name: zipkin
   version: "3.5.1"
-  epoch: 9 # GHSA-84h7-rjj3-6jx4
+  epoch: 10 # GHSA-vc5p-v9hr-52mj
   description: Zipkin distributed tracing system
   copyright:
     - license: Apache-2.0
diff --git a/zipkin/pombump-deps.yaml b/zipkin/pombump-deps.yaml
index 27ebfc50614..52047614bc6 100644
--- a/zipkin/pombump-deps.yaml
+++ b/zipkin/pombump-deps.yaml
@@ -14,3 +14,6 @@ patches:
   - groupId: org.apache.commons
     artifactId: commons-lang3
     version: 3.18.0
+  - groupId: org.apache.logging.log4j
+    artifactId: log4j-core
+    version: 2.25.3